package com.example.steam520.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;  // 修复：使用Spring Security的Authentication
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/book")  // 通常建议在类级别@RequestMapping中添加斜杠，规范路径格式
public class BookController {

    @RequestMapping("/list")
    @Secured("ROLE_ADMIN")// 方法级别同样建议添加斜杠，保持一致性
    public String findList() {
        return "book_list";
    }

    @RequestMapping("/admin/manag")
    @PreAuthorize("hasAnyROle('ROLE_ADMIN',ROLE_COMMON)")
    // 修复路径格式，添加斜杠
    public String findManagList() {
        return "book_manag";
    }

    @GetMapping("/main")
    public String mainPage(Authentication authentication) {
        System.out.println("User: " + authentication.getName());
        System.out.println("Authorities: " + authentication.getAuthorities());
        return "main";
    }
}
